public IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target)
{
if (string.IsNullOrEmpty(target.InstallLocation))
{
yield break;
}
foreach (var fullCompatKey in AppCompatFlags.SelectMany(compatKey => new[]
{
compatKey + @"\Layers",
compatKey + @"\Compatibility Assistant\Store"
}))
{
using (var key = RegistryTools.OpenRegistryKey(fullCompatKey))
{
if (key == null)
{
continue;
}
foreach (var valueName in key.GetValueNames())
{
// Check for matches
if (valueName.StartsWith(target.InstallLocation,
StringComparison.InvariantCultureIgnoreCase))
{
var junk = new RegistryValueJunk(key.Name, valueName, target, this);
junk.Confidence.Add(ConfidenceRecord.ExplicitConnection);
yield return(junk);
}
}
}
}
}
private IJunkResult JunkFromValue(ApplicationUninstallerEntry target, string key, string valueName)
{
var junk = new RegistryValueJunk(key, valueName, target, this);
junk.Confidence.Add(ConfidenceRecords.ExplicitConnection);
return(junk);
}
public override IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target)
{
const string firewallRulesKey =
@"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules";
const string fullFirewallRulesKey = @"HKEY_LOCAL_MACHINE\" + firewallRulesKey;
var results = new List <IJunkResult>();
if (string.IsNullOrEmpty(target.InstallLocation))
{
return(results);
}
using (var key = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(firewallRulesKey))
{
if (key != null)
{
foreach (var valueName in key.TryGetValueNames())
{
var value = key.GetValue(valueName) as string;
if (string.IsNullOrEmpty(value))
{
continue;
}
var start = value.IndexOf("|App=", StringComparison.InvariantCultureIgnoreCase) + 5;
var charCount = value.IndexOf('|', start) - start;
var fullPath = Environment.ExpandEnvironmentVariables(value.Substring(start, charCount));
if (fullPath.StartsWith(target.InstallLocation, StringComparison.InvariantCultureIgnoreCase))
{
var node = new RegistryValueJunk(fullFirewallRulesKey, valueName,
target, this);
node.Confidence.Add(ConfidenceRecords.ExplicitConnection);
results.Add(node);
}
}
}
}
return(results);
}
public IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target)
{
if (string.IsNullOrEmpty(target.InstallLocation))
{
yield break;
}
foreach (var userAssistGuid in UserAssistGuids)
{
using (var key = RegistryTools.OpenRegistryKey(
$@"{SoftwareRegKeyScanner.KeyCu}\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{userAssistGuid}\Count"))
{
if (key == null)
{
continue;
}
foreach (var valueName in key.GetValueNames())
{
// Convert the value name to a usable form
var convertedName = Rot13(valueName);
var guidEnd = convertedName.IndexOf('}') + 1;
Guid g;
if (guidEnd > 0 && GuidTools.GuidTryParse(convertedName.Substring(0, guidEnd), out g))
{
convertedName = NativeMethods.GetKnownFolderPath(g) + convertedName.Substring(guidEnd);
}
// Check for matches
if (convertedName.StartsWith(target.InstallLocation,
StringComparison.InvariantCultureIgnoreCase))
{
var junk = new RegistryValueJunk(key.Name, valueName, target, this);
junk.DisplayValueName = convertedName;
junk.Confidence.Add(ConfidenceRecords.ExplicitConnection);
yield return(junk);
}
}
}
}
}
public override IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target)
{
var results = new List <IJunkResult>();
if (string.IsNullOrEmpty(target.InstallLocation))
{
return(results);
}
using (var key = GetFirewallRulesKey())
{
if (key != null)
{
foreach (var valueName in key.TryGetValueNames())
{
var value = key.GetValue(valueName) as string;
if (string.IsNullOrEmpty(value))
{
continue;
}
var start = value.IndexOf("|App=", StringComparison.InvariantCultureIgnoreCase) + 5;
var charCount = value.IndexOf('|', start) - start;
var fullPath = Environment.ExpandEnvironmentVariables(value.Substring(start, charCount));
if (fullPath.StartsWith(target.InstallLocation, StringComparison.InvariantCultureIgnoreCase))
{
var node = new RegistryValueJunk(FirewallRulesKey, valueName,
target, this);
node.Confidence.Add(ConfidenceRecords.ExplicitConnection);
results.Add(node);
}
}
}
}
return(results);
}
public override IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target)
{
var installLocation = target.InstallLocation;
if (string.IsNullOrEmpty(installLocation))
{
yield break;
}
using (var key = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(
@"SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders"))
{
if (key == null)
{
yield break;
}
foreach (var valueName in key.GetValueNames())
{
if (!SubPathIsInsideBasePath(installLocation, valueName))
{
continue;
}
var node = new RegistryValueJunk(key.Name, valueName, target, this);
node.Confidence.Add(ConfidenceRecord.ExplicitConnection);
if (GetOtherInstallLocations(target).Any(x => SubPathIsInsideBasePath(x, valueName)))
{
node.Confidence.Add(ConfidenceRecord.DirectoryStillUsed);
}
yield return(node);
}
}
}
public override IEnumerable <IJunkResult> FindJunk(ApplicationUninstallerEntry target)
{
var isStoreApp = target.UninstallerKind == UninstallerType.StoreApp;
if (isStoreApp && string.IsNullOrEmpty(target.RatingId))
{
throw new ArgumentException("StoreApp entry has no ID");
}
if (isStoreApp)
{
foreach (var regAppEntry in _regAppsValueCache)
{
if (regAppEntry.AppName == null)
{
continue;
}
if (string.Equals(regAppEntry.AppName, target.RatingId, StringComparison.OrdinalIgnoreCase))
{
// Handle the value under RegisteredApps itself
var regAppResult = new RegistryValueJunk(regAppEntry.RegAppFullPath, regAppEntry.ValueName, target, this);
regAppResult.Confidence.Add(ConfidenceRecords.ExplicitConnection);
yield return(regAppResult);
// Handle the key pointed at by the value
var appEntryKey = new RegistryKeyJunk(regAppEntry.AppKey, target, this);
appEntryKey.Confidence.Add(ConfidenceRecords.ExplicitConnection);
appEntryKey.Confidence.Add(ConfidenceRecords.IsStoreApp);
yield return(appEntryKey);
}
}
}
else
{
foreach (var regAppEntry in _regAppsValueCache)
{
if (regAppEntry.AppName != null)
{
continue;
}
var generatedConfidence = ConfidenceGenerators.GenerateConfidence(regAppEntry.ValueName, target).ToList();
if (generatedConfidence.Count > 0)
{
// Handle the value under RegisteredApps itself
var regAppResult = new RegistryValueJunk(regAppEntry.RegAppFullPath, regAppEntry.ValueName, target, this);
regAppResult.Confidence.AddRange(generatedConfidence);
yield return(regAppResult);
// Handle the key pointed at by the value
const string capabilitiesSubkeyName = "\\Capabilities";
if (regAppEntry.TargetSubKeyPath.EndsWith(capabilitiesSubkeyName, StringComparison.Ordinal))
{
var capabilitiesKeyResult = new RegistryKeyJunk(regAppEntry.TargetFullPath, target, this);
capabilitiesKeyResult.Confidence.AddRange(generatedConfidence);
yield return(capabilitiesKeyResult);
var ownerKey = regAppEntry.TargetFullPath.Substring(0,
regAppEntry.TargetFullPath.Length - capabilitiesSubkeyName.Length);
var subConfidence = ConfidenceGenerators.GenerateConfidence(Path.GetFileName(ownerKey),
target).ToList();
if (subConfidence.Count > 0)
{
var subResult = new RegistryKeyJunk(ownerKey, target, this);
subResult.Confidence.AddRange(subConfidence);
yield return(subResult);
}
}
}
}
}
}
